[global]
; url - Location to fas server
{% if env == "staging" %}
url = https://admin.stg.fedoraproject.org/accounts/
{% else %}
url = https://admin.fedoraproject.org/accounts/
{% endif %}

; temp - Location to generate files while user creation process is happening
temp = /var/db

; login - username to contact fas
login = {{ fedorathirdpartyUser }}

; password - password for login name
password = {{ fedorathirdpartyPassword }}

; prefix - install to a location other than /
prefix = /

; modefile - Location of a file containing saved home directory modes
modefile = /var/lib/fas/client_dir_perms

; cla_group - Group for CLA requirements
cla_group = cla_done

[host]
; Group hierarchy is 1) groups, 2) restricted_groups 3) ssh_restricted_groups
; so if someone is in all 3, the client behaves the same as if they were just
; in 'groups'

; groups that should have a shell account on this system.
{% if fas_client_groups is defined %}
groups = sysadmin-main,{{ fas_client_groups }}
{% else %}
groups = sysadmin-main
{% endif %}

; groups that should have a restricted account on this system.
; restricted accounts use the restricted_shell value in [users]
restricted_groups =

; ssh_restricted_groups: groups that should be restricted by ssh key.  You will
; need to disable password based logins in order for this value to have any
; security meaning.  Group types can be placed here as well, for example
; @hg,@git,@svn
{% if fas_client_ssh_groups is defined %}
ssh_restricted_groups = {{ fas_client_ssh_groups }}
{% else %}
ssh_restricted_groups = 
{% endif %}

; aliases_template: Gets prepended to the aliases file when it is generated by
; fasClient
aliases_template = /etc/aliases.template

[users]
; default shell given to people in [host] groups
shell = /bin/bash

; home - the location for fas user home dirs
home = /home/fedora

; home_backup_dir - Location home dirs should get moved to when a user is
; deleted this location should be tmpwatched
home_backup_dir = /home/fedora.bak

; ssh_restricted_app - This is the path to the restricted shell script.  It
; will not work automatically for most people though through alterations it
; is a powerfull way to restrict access to a machine.  An alternative example
; could be given to people who should only have cvs access on the machine.
; setting this value to "/usr/bin/cvs server" would do this.
{% if fas_client_restricted_app is defined %}
ssh_restricted_app = {{ fas_client_restricted_app }}
{% else %}
ssh_restricted_app = 
{% endif %}

; ssh_admin_app - This is the path to an app that an admin is allowed to use.
{% if fas_client_admin_app is defined %}
ssh_admin_app = {{ fas_client_admin_app }}
{% else %}
ssh_admin_app = 
{% endif %}

; restricted_shell - The shell given to users in the ssh_restricted_groups
restricted_shell = /sbin/nologin

; ssh_restricted_shell - The shell given to users in the ssh_restricted_groups
ssh_restricted_shell = /bin/bash

; ssh_key_options - Options to be appended to people ssh keys.  Users in the
; ssh_restricted_groups will have the keys they uploaded altered when they are
; installed on this machine, appended with the options below.
ssh_key_options = no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

